From 0df054577746d57f1991b8789c3e7ed1f5b998d5 Mon Sep 17 00:00:00 2001
From: James Morgan
Date: Wed, 14 Oct 2020 20:17:25 +1100
Subject: [PATCH] Allows auth information from AccessList not to be passed to proxied hosts. Resolves issue #153.
Signed-off-by: James Morgan
---
 backend/internal/access-list.js | 2 +
 .../migrations/20201014143841_pass_auth.js | 41 +++++++++++++++++++
 backend/models/access_list.js | 4 ++
 backend/schema/endpoints/access-lists.json | 9 ++++
 backend/templates/proxy_host.conf | 2 +
 frontend/js/app/nginx/access/form.ejs | 10 +++++
 frontend/js/app/nginx/access/form.js | 1 +
 frontend/js/i18n/messages.json | 3 +-
 8 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 backend/migrations/20201014143841_pass_auth.js
diff --git a/backend/internal/access-list.js b/backend/internal/access-list.js
index 79daa25..5b817d0 100644
--- a/backend/internal/access-list.js
+++ b/backend/internal/access-list.js
@@ -31,6 +31,7 @@ const internalAccessList = {
 .insertAndFetch({
 name: data.name,
 satisfy_any: data.satisfy_any,
+ pass_auth: data.pass_auth,
 owner_user_id: access.token.getUserId(1)
 });
 })
@@ -128,6 +129,7 @@ const internalAccessList = {
 .patch({
 name: data.name,
 satisfy_any: data.satisfy_any,
+ pass_auth: data.pass_auth,
 });
 }
 })
diff --git a/backend/migrations/20201014143841_pass_auth.js b/backend/migrations/20201014143841_pass_auth.js
new file mode 100644
index 0000000..a7767eb
--- /dev/null
+++ b/backend/migrations/20201014143841_pass_auth.js
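Review bot: In backend/internal/access-list.js both the `insertAndFetch` and the `patch` objects take `pass_auth: data.pass_auth` as-is, so a create request that leaves the field out presumably falls through to the column default set in the migration (`defaultTo(1)`), and the client's Authorization header, which carries the access-list credentials, keeps being forwarded to the proxied host. Whether the endpoint schema lists `pass_auth` as required is not visible in this patch. If forwarding is meant to stay the default for backward compatibility, record that next to the field, e.g. `// omitted pass_auth falls back to the DB default (1 = forward Authorization upstream)`; otherwise set the value explicitly on create. Both enclosing functions start and end outside the hunks.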
@@ -0,0 +1,41 @@
+const migrate_name = 'pass_auth';
+const logger = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+
+ logger.info('[' + migrate_name + '] Migrating Up...');
+
+ return knex.schema.table('access_list', function (access_list) {
+ access_list.integer('pass_auth').notNull().defaultTo(1);
+ })
+ .then(() => {
+ logger.info('[' + migrate_name + '] access_list Table altered');
+ });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param {Object} knex
+ * @param {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex/*, Promise*/) {
+ logger.info('[' + migrate_name + '] Migrating Down...');
+
+ return knex.schema.table('access_list', function (access_list) {
+ access_list.dropColumn('pass_auth');
+ })
+ .then(() => {
+ logger.info('[' + migrate_name + '] access_list pass_auth Column dropped');
+ });
+};
diff --git a/backend/models/access_list.js b/backend/models/access_list.js
index 8e63a2a..01974e8 100644
--- a/backend/models/access_list.js
+++ b/backend/models/access_list.js
@@ -93,6 +93,10 @@ class AccessList extends Model {
 get satisfy() {
 return this.satisfy_any ? 'satisfy any' : 'satisfy all';
 }
+
+ get passauth() {
+ return this.pass_auth ? '' : 'proxy_set_header Authorization "";';
+ }
 }
 
 module.exports = AccessList;
diff --git a/backend/schema/endpoints/access-lists.json b/backend/schema/endpoints/access-lists.json
index 646306b..404e323 100644
--- a/backend/schema/endpoints/access-lists.json
+++ b/backend/schema/endpoints/access-lists.json
@@ -42,6 +42,9 @@
 "satisfy_any": {
 "type": "boolean"
 },
+ "pass_auth": {
+ "type": "boolean"
+ },
 "meta": {
 "type": "object"
 }
@@ -102,6 +105,9 @@
 "satisfy_any": {
 "$ref": "#/definitions/satisfy_any"
 },
+ "pass_auth": {
+ "$ref": "#/definitions/pass_auth"
+ },
 "items": {
 "type": "array",
 "minItems": 0,
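Review bot: The `passauth` getter added to backend/models/access_list.js is the only source of the `proxy_set_header Authorization "";` line, and it fails open. If the template is ever handed a plain-object copy of the row (the serialisation path is not visible in this patch), the getter is absent, the placeholder renders as an empty string, and the credentials are forwarded without any error or log line. Keeping the directive text in the template behind an explicit test on the stored `pass_auth` value would make the generated config depend on data only. At minimum the getter should be documented, e.g. `// nginx directive that blanks Authorization before proxying; empty string when pass_auth is set`. The class body starts outside the hunk.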
@@ -167,6 +173,9 @@
 "satisfy_any": {
 "$ref": "#/definitions/satisfy_any"
 },
+ "pass_auth": {
+ "$ref": "#/definitions/pass_auth"
+ },
 "items": {
 "type": "array",
 "minItems": 0,
diff --git a/backend/templates/proxy_host.conf b/backend/templates/proxy_host.conf
index b553e1c..1c2c0e7 100644
--- a/backend/templates/proxy_host.conf
+++ b/backend/templates/proxy_host.conf
@@ -27,6 +27,8 @@ server {
 # Authorization
 auth_basic "Authorization required";
 auth_basic_user_file /data/access/{{ access_list_id }};
+
+ {{ access_list.passauth }}
 {% endif %}
 
 # Access Rules
diff --git a/frontend/js/app/nginx/access/form.ejs b/frontend/js/app/nginx/access/form.ejs
index 94423db..b22b99a 100644
--- a/frontend/js/app/nginx/access/form.ejs
+++ b/frontend/js/app/nginx/access/form.ejs
@@ -31,6 +31,16 @@ + +
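Review bot: Where `{{ access_list.passauth }}` lands in the rendered config for backend/templates/proxy_host.conf decides whether it has any effect, because nginx inherits `proxy_set_header` from an outer level only when the current level defines no `proxy_set_header` of its own. The hunk does not show the enclosing block, so this needs checking against every location (custom locations and included snippets too) that sets its own proxy headers; in those the `Authorization ""` line would have to be repeated or the header still reaches the upstream. A comment above the placeholder such as `# Must sit at the same level as the other proxy_set_header lines; nginx does not merge them across levels` would record the constraint. The rendered result can be confirmed with `nginx -T` for a host that has an access list with pass_auth off.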
+
+ +
+
diff --git a/frontend/js/app/nginx/access/form.js b/frontend/js/app/nginx/access/form.js
index 0e4291a..92581f8 100644
--- a/frontend/js/app/nginx/access/form.js
+++ b/frontend/js/app/nginx/access/form.js
@@ -73,6 +73,7 @@ module.exports = Mn.View.extend({
 let data = {
 name: form_data.name,
 satisfy_any: !!form_data.satisfy_any,
+ pass_auth: !!form_data.pass_auth,
 items: items_data,
 clients: clients_data
 };
diff --git a/frontend/js/i18n/messages.json b/frontend/js/i18n/messages.json
index af3e8cb..4bfb190 100644
--- a/frontend/js/i18n/messages.json
+++ b/frontend/js/i18n/messages.json
@@ -206,7 +206,8 @@
 "authorization": "Authorization",
 "access": "Access",
 "satisfy": "Satisfy",
- "satisfy-any": "Satisfy Any"
+ "satisfy-any": "Satisfy Any",
+ "pass-auth": "Pass Auth to Host"
 },
 "users": {
 "title": "Users",